{"id":16176,"date":"2021-06-08T16:40:26","date_gmt":"2021-06-08T16:40:26","guid":{"rendered":"http:\/\/ci0285254b30002663"},"modified":"2021-06-08T16:40:26","modified_gmt":"2021-06-08T16:40:26","slug":"fbi-seizes-bitcoin-from-colonial-pipeline-hack","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/business\/fbi-seizes-bitcoin-from-colonial-pipeline-hack","title":{"rendered":"FBI Seizes 63.7 Bitcoin Allegedly Tied To Colonial Pipeline Hack Ransom"},"content":{"rendered":"<p>According to a news release from the <a href=\"https:\/\/www.justice.gov\/opa\/pr\/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside\" target=\"_blank\" rel=\"noopener\">U.S. Department of Justice<\/a>, the Federal Bureau of Investigation (FBI) has seized 63.7 BTC which allegedly represent the proceeds of a ransom payment made by Colonial Pipeline to hacker group DarkSide.<\/p>\n<p>\u201cThere is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,\u201d said FBI Deputy Director Paul Abbate, per the release. \u201cWe will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.\u201d<\/p>\n<p>Acting U.S. Attorney for the Northern District of California, Stephanie Hinds, also commented on the seizure, highlighting the need \u201cto continue improving the cyber resilience\u201d of critical infrastructure across the nation. 
She added that advanced methods to improve authorities\u2019 \u201cability to track and recover digital ransom payments\u201d will continue to be developed.<\/p>\n<p>The 63.7 bitcoin seized allegedly represent part of a <a href=\"https:\/\/bitcoinmagazine.com\/business\/colonial-pipeline-pays-75-bitcoin-in-hack\">ransom payment made by Colonial Pipeline<\/a>, the largest pipeline system for refined oil products in the U.S., after the company fell victim to a ransomware attack authored by hacker group DarkSide.<\/p>\n<p>Ransomware is a kind of computer malware that hijacks the victim\u2019s data, <a href=\"https:\/\/resources.infosecinstitute.com\/topic\/a-brief-summary-of-encryption-method-used-in-widespread-ransomware\/\" target=\"_blank\" rel=\"noopener\">encrypts it<\/a> and demands a ransom payment to restore it. The attack forced Colonial to shut down its entire pipeline, halting its distribution services to many U.S. states and triggering gas price rises across the country.<\/p>\n<p>Upon noticing that the company\u2019s systems were under attack, Colonial promptly reported to the FBI and informed them about the ransom payment made to DarkSide. 
According to <a href=\"https:\/\/www.justice.gov\/opa\/press-release\/file\/1402056\/download\" target=\"_blank\" rel=\"noopener\">the seizure\u2019s supporting affidavit<\/a>, the FBI analyzed the Bitcoin blockchain and inferred the path taken by the ransom payment through <a href=\"https:\/\/en.bitcoin.it\/Privacy#Transaction_graph_heuristic\" target=\"_blank\" rel=\"noopener\">transaction graph heuristics<\/a>.<\/p>\n<p>The bureau was then allegedly able to identify that 63.7 BTC from the ransom payment had been transferred to a specific address, for which the FBI has the <a href=\"https:\/\/en.bitcoin.it\/wiki\/Private_key\" target=\"_blank\" rel=\"noopener\">private key<\/a>, and is, therefore, able to spend \u2014 or in this case seize \u2014 those funds.<\/p>\n<p>The affidavit didn\u2019t mention how the FBI could control the private keys for the address used by DarkSide, and it is unclear how that would be possible, given Bitcoin\u2019s <a href=\"https:\/\/en.bitcoin.it\/wiki\/Principles_of_Bitcoin\" target=\"_blank\" rel=\"noopener\">censorship-resistant nature<\/a>. One possibility is that the address could be in a custodial wallet, thereby facilitating control. Another likely scenario would be the funds being stored in an unencrypted wallet \u2014 which is <a href=\"https:\/\/en.bitcoin.it\/wiki\/Weaknesses#Wallet_Vulnerable_To_Theft\" target=\"_blank\" rel=\"noopener\">vulnerable to theft<\/a>. 
Lastly, the FBI could have employed <a href=\"https:\/\/en.bitcoin.it\/Privacy#Digital_forensics\" target=\"_blank\" rel=\"noopener\">digital forensics on the wallet<\/a> to retrieve sensitive information remotely.<\/p>\n<p>According to <a href=\"https:\/\/twitter.com\/adam3us\/status\/1402179970277982210\" target=\"_blank\" rel=\"noopener\">a tweet from Blockstream CEO Adam Back<\/a>, the FBI obtained a subpoena granting access to a rented cloud server used by the hackers, which allowed it to seize the bitcoin.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI has seized 63.7 bitcoin that are allegedly part of a ransom paid by Colonial Pipeline to hacker group DarkSide.<\/p>\n","protected":false},"author":2572,"featured_media":5189,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2988,1723,299,2535],"class_list":{"0":"post-16176","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-colonial-pipeline","9":"tag-department-of-justice","10":"tag-fbi","11":"tag-hackers"},"author_data":{"id":2572,"name":"Namcios","nicename":"namcios","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/pfp-96x96.png"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/regulation-authority-crime.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/16176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2572"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=16176"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/16176\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/5189"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=16176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=16176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=16176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}